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SYSTEMS AND METHODS FOR PROTECTING SENSITIVE FILES 
FROM UNAUTHORIZED ACCESS 

TECHNICAL FIELD 

[0001] The present invention relates generally to computer security. More specifically, the 
present invention relates to systems and methods for protecting sensitive files on a computing 
device fi'om unauthorized access. 

BACKGROUND 

[0002] Computer and communication technologies continue to advance at a rapid pace. 
Indeed, computer and communication technologies are involved in many aspects of a person's 
day. For example, many devices being used today have a small computer inside of the device. 
These small computers come in varying sizes and degrees of sophistication. Computers 
commonly used include everything from hand-held computing devices to large multi-processor 
computer systems. 

[0003] Computers are used in almost all aspects of business, industry and academic 
endeavors. More and more homes are using computers as well. The pervasiveness of computers 
has been accelerated by the increased use of computer networks, including the Internet. Most 
companies have one or more computer networks and also make extensive use of the Internet. 
The productivity of employees often requires human and computer interaction. Improvements in 
computers and software have been a force for bringing about great increases in business and 
industrial productivity. 

[0004] Computers are frequently used to store sensitive information. Unfortunately, the 
sensitive information that is stored on computers is often targeted by unauthorized users, 
sometimes referred to as intruders. Intruders may act in two different ways. Passive intruders 
attempt to read files that they are not authorized to read. Active intruders attempt to make 
unauthorized changes to data. Some intruders may be highly skilled and willing to devote a 
substantial amount of time to breaking the security of a computer system. 
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[0005] The term "security" refers generally to the problems involved in making sure that files 
are not read or modified by unauthorized persons. From a security perspective, computer 
systems have at least two goals: data confidentiality and data integrity. Data confidentiality 
means that secret data should remain secret. Data integrity means that unauthorized users should 
not be able to modify any data without the owner's permission. 

[0006] Computers are frequently connected to other computers and/or electronic devices, 
often via computer networks. This complicates the issue of providing adequate security. When a 
computer is connected to a network, users of other computing devices that are also connected to 
the network may have access to the sensitive files stored on the computer. If this is not desirable, 
then steps are generally taken to prevent access to the sensitive files. 

[0007] Within a business context, as corporate performance and end-user productivity have 
become increasingly dependent on computers, computer support personnel are continuously 
under pressure to ensure computer security. The support personnel are also under pressure to 
perform tasks as efficiently as possible which may include minimizing effects to existing 
computer systems and networks or disturbance of computer users. Accordingly, benefits may be 
realized by improved systems and methods for protecting sensitive files on a computing device 
from unauthorized access. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0008] The present embodiments will become more fially apparent from the following 
description and appended claims, taken in conjunction with the accompanying drawings. 
Understanding that these drawings depict only typical embodiments and are, therefore, not to be 
considered limiting of the invention's scope, the embodiments Avill be described with additional 
specificity and detail through use of the accompanying drawings in which: 
[0009] Figure 1 is a block diagram illustrating an exemplary system in which some 
embodiments may be practiced; 

[0010] Figure 2 is a flow diagram illustrating an embodiment of a method which may be 
performed by the security agent; 
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[0011] Figure 3 is a block diagram illustrating a plurality of files stored on the computing 

device; 

[0012] Figure 4 illustrates a storage device of the computing device; 

[0013] Figure 5 is a block diagram illustrating an embodiment of the sensitive file 
information; 

[0014] Figure 6 is a block diagram illustrating another embodiment of the sensitive file 
information; 

[0015] Figure 7 is a block diagram illustrating an embodiment of the authorized connection 
Ust; 

[0016] Figure 8 is a block diagram illustrating another embodiment of the authorized 
connection list; 

[0017] Figure 9 is a block diagram illustrating an exemplary system in which the security 

agent may be distributed to and installed on the computing devices of an enterprise; 

[0018] Figure 10 is a. block diagram illustrating the security agent installed on a computing 

device; 

[0019] Figure 1 1 is a block diagram illustrating the logical relationship between the security 
agent and the sensitive files on a computing device; 

[0020] Figure 12 is a block diagram illustrating the major hardware components typically 
utilized in a computing device; and 

[0021] Figure 13 is a block diagram illustrating an exemplary computer network on which 
the present systems and methods may be implemented. 

DETAILED DESCRIPTION 

[0022] In a computing device, a method for protecting sensitive files fi-om unauthorized 
access is disclosed. The method involves detecting a connection of the computing device to an 
electronic device. An authorized connection list is accessed. It is determined whether the 
connection is identified in the authorized connection list. If the connection is not identified in the 
authorized connection Ust, the method also involves accessing sensitive file information which 
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identifies at least one sensitive file stored on the computing device and preventing access to the 
at least one sensitive file identified by the sensitive file information. 

[0023] In some embodiments, if the connection is not identified in the authorized connection 
list the method also involves detecting termination of the connection. If the computing device 
does not have any other unauthorized connections, access is restored to the at least one sensitive 
file identified by the sensitive file information. 

[0024] In some embodiments, the connection occurs via a computer network. The network 
may be a wireless network, and the computing device may be a mobile computing device. 
Altematively, the connection may be a direct connection. 

[0025] Access to the at least one sensitive file may be prevented in a variety of different 
ways. For example, preventing access to the at least one sensitive file may involve locking the at 
least one sensitive file. As another altemative, preventing access to the at least one sensitive file 
may involve encrypting the at least one sensitive file. As yet another altemative, preventing 
access to the at least one sensitive file may involve moving the at least one sensitive file to a 
host-protected area of the storage device. 

[0026] The sensitive file information may include a reference to a directory in which the at 
least one sensitive file is stored. Altematively, the sensitive file information may include a list of 
the at least one sensitive file. 

[0027] The authorized connection list may include a list of at least one authorized network. 
Altematively, the authorized connection list may include a list of at least one authorized 
connection type. 

[0028] A method in an administrative system which distributes soflware to a pluraHty of 
computing devices on an enterprise network is also disclosed. The method performed by the 
administrative system involves providing a security agent. After installation on a computing 
device the security agent is configured to implement a method that involves detecting a 
connection of the computing device to an electronic device. The method performed by the 
security agent also involves accessing an authorized connection list and determining whether the 
connection is identified in the authorized connection list. If the connection is not identified in the 
authorized connection list, the method performed by the security agent also involves accessing 
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sensitive file information which identifies at least one sensitive file stored on the computing 
device and preventing access to the at least one sensitive file identified by the sensitive file 
information. The method performed by the administrative system also involves transmitting the 
security agent to the plurality of computing devices via the enterprise network, hi some 
embodiments, the method performed by the security agent also involves providing the authorized 
connection list and the sensitive file information, and transmitting the authorized connection list 
and the sensitive file information to the plurality of computing devices via the enterprise 
network. 

[0029] A computing device that is configured for protecting sensitive files fi:om unauthorized 
access is also disclosed. The computing device includes a processor and memory in electronic 
communication with the processor. Instructions are stored in the memory. The instructions are 
executable to implement a method that involves detecting a connection of the computing device 
to an electronic device. The method also involves accessing an authorized connection list. The 
method also involves determining whether the connection is identified in the authorized 
connection list. If the connection is not identified in the authorized connection list, the method 
also involves accessing sensitive file information which identifies at least one sensitive file 
stored on the computing device and preventing access to the at least one sensitive file identified 
by the sensitive file information. 

[0030] A computer-readable medium for storing program data is also disclosed. The 
program data includes executable instructions for implementing a method that involves detecting 
a connection of a computing device to an electronic device. The method also involves accessing 
an authorized connection list. The method also involves determining whether the connection is 
identified in the authorized connection list. If the connection is not identified in the authorized 
connection list, the method also involves accessing sensitive file information which identifies at 
least one sensitive file stored on the computing device and preventing access to the at least one 
sensitive file identified by the sensitive file information. 

[0031] Various embodiments of the invention are now described with reference to the 
Figures, where like reference numbers indicate identical or fimctionally similar elements. It will 
be readily understood that the components of the embodiments as generally described and 
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illustrated in the Figures herein could be arranged and designed in a wide variety of different 
configurations. Thus, the following more detailed description of the embodiments of the systems 
and methods of the present invention, as represented in the Figures, is not intended to limit the 
scope of the invention, as claimed, but is merely representative of the embodiments of the 
invention. 

[0032] The word "exemplary" is used exclusively herein to mean "serving as an example, 
instance, or illustration." Any embodiment described herein as "exemplary" is not necessarily to 
be construed as preferred or advantageous over other embodiments. While the various aspects of 
the embodiments are presented in drawings, the drawings are not necessarily drawn to scale 
unless specifically indicated. 

[0033] Several aspects of the embodiments described herein will be illustrated as software 
modules or components stored in a computing device. As used herein, a software module or 
component may include any type of computer instruction or computer executable code located 
within a memory device and/or transmitted as electronic signals over a system bus or network. A 
software module may, for instance, comprise one or more physical or logical blocks of computer 
instructions, which may be organized as a routine, program, object, component, data structure, 
etc., that performs one or more tasks or implements particular abstract data types. 
[0034] In certain embodiments, a particular software module may comprise disparate 
instructions stored in different locations of a memory device, which together implement the 
described fimctionality of the module. Indeed, a module may comprise a single instruction, or 
many instructions, and may be distributed over several different code segments, among different 
programs, and across several memory devices. Some embodiments may be practiced in a 
distributed computing environment where tasks are performed by a remote processing device 
linked through a communications network. In a distributed computing environment, software 
modules may be located in local and/or remote memory storage devices. 

[0035] Note that the exemplary embodiment is provided as an exemplar throughout this 
discussion, however, altemate embodiments may incorporate various aspects without departing 
fi-om the scope of the present invention. 



[0036] The order of the steps or actions of the methods described in connection with the 
embodiments disclosed herein may be changed by those skilled in the art without departing from 
the scope of the present invention. Thus, any order in the Figures or detailed description is for 
illustrative purposes only and is not meant to imply a required order. 

[0037] Figure 1 is a block diagram illustrating an exemplary system 100 in which some 
embodiments may be practiced. The system 100 includes a computing device 102. A computing 
device 102, as used herein, is any device that includes a digital processor capable of receiving 
and processing data. A computing device 102 includes the broad range of digital computers, 
including hand-held computers, personal computers, servers, mainframes, supercomputers, 
microcontrollers, and the like. 

[0038] The computing device 102 is capable of establishing one or more connections 104 to 
other electronic devices 106. A connection 104 between the computing device 102 and an 
electronic device 106 is established if data may be transmitted from the computing device 102 to 
the electronic device 106, or vice versa. As shown, a connection 104a between the computing 
device 102 and an electronic device 106a may occur via a computer network 108. Thus, signals 
transmitted from the computing device 102 to an electronic device 106a, and vice versa, may 
pass through one or more intermediate nodes en route to its destination. Alternatively, a direct 
connection 104b may be formed between the computing device 102 and an electronic device 
106b. 

[0039] Some examples of electronic devices 106 to which the computing device 102 may be 
connected include other computing devices as well as removable storage devices. A removable 
storage device, as used herein, refers to any storage device that is plugged into an external port on 
a computing device 102. Examples of removable storage devices include thumb drives 
(sometimes referred to as pen drives, keychain drives, key drives, or memory keys) and portable 
hard drives. 

[0040] One or more sensitive files 110 are stored on the computing device 102. As used 
herein, the term sensitive file 110 should be interpreted broadly to include any file that includes 
information that one or more individuals would like to keep from being disclosed to the public. 
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[0041] In some situations, the computing device 102 may establish one or more connections 
104 that provide other individuals with undesired access to the sensitive files 110 on the 
computing device 102. For example, the computing device 102 may be a mobile computing 
device 102. When a user of the mobile computing device 102 enters a wireless hot spot (i.e., the 
geographic boundary covered by a wireless access point of a wireless network 108), the mobile 
computing device 102 may establish a connection 104 to the wireless network 108, sometimes 
without the user's knowledge. This may provide other computing devices that are also connected 
to the wireless network 108 with undesired access to the sensitive files 110 on the computing 
device 102. 

[0042] Of course, other types of computing devices 102 may also establish connections 104 
that provide undesired access to sensitive files 110. For example, a user of a desktop computer 
may leave the computer unattended for a brief period of time while taking a break. During this 
time, another individual may connect a removable storage device to the computing device 102, 
and copy sensitive files fi*om the computing device 102 to the removable storage device. 
[0043] To protect the sensitive files 1 10 on the computing device 102 fi-om undesired access, 
a security agent 112 is running on the computing device 102. The security agent 112 is a 
software module, in accordance with how that term is defined above. The security agent 112 
monitors connections 104 of the computing device 102 to other electronic devices 106. When an 
unauthorized connection 104 is detected, the security agent 112 prevents access to the sensitive 
files 1 10 on the computing device 102. The operation of the security agent 112 will be described 
in greater detail below. 

[0044] The security agent 112 may access and use certain kinds of information while it is 
performing its tasks. For example, the security agent 112 may access and use sensitive file 
information 114 to identify the sensitive files 110 on the computing device 102. The security 
agent 112 may access and use an authorized connection list 1 16 to determine whether a particular 
connection 104 is authorized or not. The sensitive file information 114 and the authorized 
connection list 116 will be described in greater detail below. Although the sensitive file 
information 114 and the authorized connection Ust 116 are shown as residing on the computing 
device 102, in altemative embodiments the sensitive file information 114 and the authorized 
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connection list 116 may reside on a separate device that is in electronic communication with the 
computing device 102. Also, although the sensitive file information 114 and the authorized 
connection list 116 are shown as being separate from the security agent 112 in Figure 1, in 
ahemative embodiments the sensitive file information 1 14 and the authorized connection list 116 
may be part of the security agent 112. 

[0045] Figure 2 is a flow diagram illustrating an embodiment of a method 200 which may be 
performed by the security agent 112. In typical embodiments, the security agent 112 monitors 
the connections 104 of the computing device 102. This may involve monitoring the 
communication ports of the computing device 102. The security agent 112 performs the 
illustrated method 200 upon detection 202 of a connection 104 between the computing device 
102 and another electronic device 106. 

[0046] Once the connection 104 is detected, the security agent 112 accesses 204 the 
authorized connection list 116. The security agent 112 then determines 206 whether the 
connection 104 that was detected in step 202 is identified in the authorized connection list 116. 
If the connection 104 is identified in the authorized connection Ust 116, the connection 104 is 
authorized. Therefore, the security agent 112 takes no action with respect to the sensitive files 
1 10, and the method 200 ends. 

[0047] If the connection 104 is not identified in the authorized connection list 116, then the 
connection 104 is not authorized. The security agent 112 then accesses 208 the sensitive file 
information 114. As indicated above, the sensitive file information 114 identifies sensitive files 
110 which are stored on the computing device 102. The security agent 112 then prevents 210 
access to the sensitive files 110 identified by the sensitive file information 114. Some exemplary 
approaches for preventing access to the sensitive files 110 will be described below. 
[0048] At some point, the unauthorized connection is terminated, and the security agent 112 
detects 212 termination of the connection 104. The security agent 112 then determines 214 
whether the computing device 102 has any other unauthorized connections 104. If the computing 
device 102 does not have any other unauthorized connections 104, the security agent 112 restores 
216 access to the sensitive files 110 on the computing device 102. If, however, the computing 
device 102 does have at least one other unauthorized connection 104, the security agent 112 
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waits until all unauthorized connections 104 have been terminated before restoring 216 access to 
the sensitive files 110. 

[0049] The security agent 1 12 may prevent 210 access to the sensitive files 1 10 in a variety 
of different ways. In some embodiments, the security agent 112 may lock the sensitive files 110. 
Figure 3 is a block diagram illustrating a plurality of files 318 stored on the computing device 
102. The files 318b, 318d are locked, as indicated by the thick lines. The files 318a, 318c, 318e 
on the computing device 302 are not locked. 

[0050] The. security agent 1 12 may lock the sensitive files 110 on the computing device 302 
(such as the files 318b, 318d) by making a call to an API of the operating system. Windows XP® 
is an example of an operating system that supports file locking. In some embodiments, when the 
sensitive files 110 on the computing device 302 are locked, no one has access to the sensitive 
files 110 including the user of the computing device 102. 

[0051] Another way in which the security agent 112 may prevent access to the sensitive files 
110 is by encrypting the sensitive files 110. In some embodiments, the security agent 112 may 
prevent access to the sensitive files 110 via encryption if the operating system of the computing 
device 302 does not support file locking. Windows 98® is an example of an operating system 
that does not support file locking. 

[0052] Another approach for preventing 210 access to the sensitive files 110 involves 
moving the sensitive files 110 to a different location. Figure 4 illustrates a storage device 420 of 
the computing device 402. The sensitive files 410 are stored on the storage device 420. The 
storage device includes a host-protected area 422, which is a reserved area of the storage device 
420 that is hidden fi-om the operating system and the file system. To prevent access to the 
sensitive files 410, the security agent 112 may move the sensitive files 410 to the host-protected 
area 422 of the storage device 420. 

[0053] Figures 5-6 are block diagrams illustrating embodiments of the sensitive file 
information. There are a variety of different ways in which a user of the computing device 102 
may keep track of sensitive files 110 that are stored on the computing device 102. For example, 
all of the sensitive files 110 on the computing device 102 may be stored within a particular 
directory. Therefore, as shown in Figure 5, in some embodiments the sensitive file information 
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514 may be a reference to a directory 524 in which the sensitive files 1 10 are stored. When the 
security agent 112 detects an unauthorized connection 104, the security agent 112 prevents 
access to all of the files within the directory 524 (including files stored within any 
subdirectories). 

[0054] Alternatively, sensitive files 110 may be stored in a variety of different directories 
throughout the file system of the computing device 102. In such embodiments, as shown m 
Figure 6, the sensitive file information 614 may be a list of the sensitive files 610 stored on the 
computing device 102. When the security agent 112 detects an unauthorized connection 104, the 
security agent 112 prevents access to all of the files 610 within the list. 

[0055] Figures 7-8 are block diagrams illustrating embodiments of the authorized connection 
list. As discussed above, the security agent 112 is designed to protect the sensitive files 110 on 
the computing device 102 fi"om imdesired access via imauthorized connections 104. There are a 
variety of reasons why a particular connection 104 may be unauthorized. For example, a 
connection 104 to a network 108 may be unauthorized because the network 108 itself is not 
necessarily trustworthy. This may be the case, for example, when a mobile computing device 
102 is connected to a wireless network 108 in a public place (e.g., a coffee shop, airport, etc.). 
Therefore, the authorized connection list 716 may include a list of authorized networks 708, as 
shown in Figure 7. 

[0056] Alternatively, or in addition, a connection 104 may be unauthorized because of one or 
more characteristics of the physical mediimi of the connection. Therefore, the authorized 
connection list 816 may include a list of authorized connection types 826, as shown in Figure 8. 
Examples of different connection types 826 include Ethemet, wireless LAN, cable modem, DSL, 
firewire, etc. 

[0057] Under some circumstances, embodiments of the security agent 112 may be installed 
on some or all of the computing devices 102 that are used by individuals who work for an 
enterprise (e.g., a corporation, small business, non-profit institution, government body, etc.). 
Figure 9 is a block diagram illustrating an exemplary system 900 in which the security agent 912 
may be distributed to and installed on the computing devices 902 of an enterprise. 
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[00581 The system 900 includes a server 928. In some contexts, the server 928 may be 
referred to as an administrative system. The server 928 distributes software to the computing 
devices 902 in the enterprise via the enterprise computer network 908. The authorized 
connection list 916, the sensitive file information 914, and the security agent 912 are stored on 
the server 928. At some point when the computing devices 902 are connected to the network 
908, the server 928 transmits the authorized connection list 916, the sensitive file information 
914, and the security agent 912 to the computing devices 902. 

[0059] Figure 10 is a block diagram illustrating the security agent 1012 installed on a 
computing device 1002. As shown, the security agent 1012 is logically situated between the 
sensitive files 1010 on the computing device 1002 and the low level network services 1030 of the 
operating system. 

[0060] Figure 1 1 is a block diagram illustrating the logical relationship between the security 
agent 1112 and the sensitive files 1110 on a computing device 1102. As shown, the security 
agent 1112 prevents access to the sensitive files 1110 on the computing device 1102 via an 
unauthorized network 1 108 (or any other type of unauthorized connection). 
[0061] Figure 12 is a block diagram illustrating the major hardware components typically 
utilized in a computing device 1202. The illustrated components may be located within the same 
physical structure or in separate housings or structures. 

[0062] The computing device 1202 includes a processor 1201 and memory 1203. The 
processor 1201 controls the operation of the computing device 102 and may be embodied as a 
microprocessor, a microcontroller, a digital signal processor (DSP) or other device known in the 
art. The processor 1201 typically performs logical and arithmetic operations based on program 
instructions stored within the memory 1203. 

[0063] As used herein, the term "memory" 1203 is broadly defined as any electronic 
component capable of storing electronic information, and may be embodied as read only memory 
(ROM), random access memory (RAM), magnetic disk storage media, optical storage media, 
flash memory devices in RAM, on-board memory included with the processor 1201, EPROM 
memory, EEPROM memory, registers, etc. The memory 1203 typically stores program 



-13- 



instnictions and other types of data. The program instructions may be executed by the processor 
1201 to implement some or all of the methods disclosed herein. 

[0064] The computing device 1202 typically also includes one or more communication 
interfaces 1205 for communicating with other electronic devices. The communication interfaces 
1205 may be based on wired communication technology, wireless communication technology, or 
both. Examples of different types of communication interfaces 1205 include a serial port, a 
parallel port, a Universal Serial Bus (USB), an Ethernet adapter, an IEEE 1394 bus interface, a 
small computer system interface (SCSI) bus interface, an infrared (IR) communication port, a 
Bluetooth wireless communication adapter, and so forth. 

[0065] The computing device 1202 typically also includes one or more input devices 1207 
and one or more output devices 1209. Examples of different kinds of input devices 1207 include 
a keyboard, mouse, microphone, remote control device, button, joystick, trackball, touchpad, 
lightpen, etc. Examples of different kinds of output devices 1209 include a speaker, printer, etc. 
One specific type of output device which is typically included in a computer system is a display 
device 1211. Display devices 1211 used with embodiments disclosed herein may utilize any 
suitable image projection technology, such as a cathode ray tube (CRT), liquid crystal display 
(LCD), light-emitting diode (LED), gas plasma, electroluminescence, or the like. A display 
controller 1213 may also be provided, for converting data stored in the memory 1203 into text, 
graphics, and/or moving images (as appropriate) shown on the display device 1211. 
[0066] Of course, Figure 12 illustrates only one possible configuration of a computing device 
1202. Those skilled in the art will recognize that various other architectures and components 
may be utilized. In addition, various standard components are not illustrated in order to avoid 
obscuring aspects of the invention. 

[0067] Figure 13 is a block diagram illustrating an exemplary computer network on which 
the present systems and methods may be implemented. In Figure 13, an administrative system 
1301 connects to a router 1303. The administrative system 1301 may correspond to the server 
928 discussed above. 

[0068] The router 1303 may be connected to three switches: a first switch 1305, a second 
switch 1307 and a third switch 1309. Each switch 1305, 1307, 1309 connects to three subnets. 
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The first switch 1305 connects to three subnets 1310, 1312, and 1314. The second switch 1307 
connects to three subnets 1316, 1318, and 1320. The third switch 1309 connects to three subnets 

1322, 1324, and 1326. The network nodes or elements 1311, 1313, 1315, 1317, 1319, 1321, 

1323, 1325 and 1327 represent computer systems or devices on the computer network. The 
administrative system 1301 may transmit the security agent 1 12 to each of the network nodes so 
that the security agent 112 may be installed on each of the network nodes. 

[0069] Those of skill in the art would understand that information and signals may be 
represented using any of a variety of different technologies and techniques. For example, data, 
instructions, commands, information, signals, bits, symbols, and chips that may be referenced 
throughout the above description may be represented by voltages, currents, electromagnetic 
waves, magnetic fields or particles, optical fields or particles, or any combination thereof. 
[0070] Those of skill would further appreciate that the various illustrative logical blocks, 
modules, circuits, and algorithm steps described in connection with the embodiments disclosed 
herein may be implemented as electronic hardware, computer software, or combinations of both. 
To clearly illustrate this interchangeability of hardware and software, various illustrative 
components, blocks, modules, circuits, and steps have been described above generally in terms of 
their fimctionality. Whether such fimctionality is implemented as hardware or software depends 
upon the particular application and design constraints imposed on the overall system. Skilled 
artisans may implement the described functionality in varying ways for each particular 
application, but such implementation decisions should not be interpreted as causing a departure 
from the scope of the present invention. 

[0071] The various illustrative logical blocks, modules, and circuits described in connection 
with the embodiments disclosed herein may be implemented or performed with a general purpose 
processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a 
field programmable gate array signal (FPGA) or other programmable logic device, discrete gate 
or transistor logic, discrete hardware components, or any combination thereof designed to 
perform the functions described herein. A general purpose processor may be a microprocessor, 
but in the alternative, the processor may be any conventional processor, controller, 
microcontroller, or state machine. A processor may also be implemented as a combination of 
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computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of 
microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such 
configuration. 

[0072] The steps of a method or algorithm described in connection with the embodiments 
disclosed herein may be embodied directly in hardware, in a software module executed by a 
processor, or in a combination of the two. A software module may reside in RAM memory, 
flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a 
removable disk, a CD-ROM, or any other form of storage medium known in the art. An 
exemplary storage medium is coupled to the processor such that the processor can read 
information from, and write information to, the storage medium. In the altemative, the storage 
medium may be integral to the processor. The processor and the storage medium may reside in 
an ASIC. 

[0073] The methods disclosed herein comprise one or more steps or actions for achieving the 
described method. The method steps and/or actions may be interchanged with one another 
without departing from the scope of the present invention. In other words, unless a specific order 
of steps or actions is required for proper operation of the embodiment, the order and/or use of 
specific steps and/or actions may be modified without departing from the scope of the present 
invention. 

[0074] While specific embodiments and applications of the present invention have been 
illustrated and described, it is to be understood that the invention is not limited to the precise 
configuration and components disclosed herein. Various modifications, changes, and variations 
which will be apparent to those skilled in the art may be made in the arrangement, operation, and 
details of the methods and systems of the present invention disclosed herein without departing 
from the spirit and scope of the invention. 
[0075] What is claimed is: 



